QuickTime 7.3.1 released addresses RTSP vulnerability

Published: 2007-12-14
Last Updated: 2007-12-14 21:24:44 UTC
by donald smith (Version: 4)
0 comment(s)

A new version of Apple QuickTime, 7.3.1,  is available that addresses the RTSP vulnerability we covered here: http://isc.sans.org/diary.html?storyid=3713 and http://isc.sans.org/diary.html?storyid=3690

From: http://docs.info.apple.com/article.html?artnum=307176
“QuickTime 7.3.1
CVE-ID: CVE-2007-6166
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted RTSP movie may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in QuickTime's handling of Real Time Streaming Protocol (RTSP) headers. By enticing a user to view a maliciously crafted RTSP movie, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data.”

The update is available here:
Thanks go out to Juha-Matti and Roger for sending this in.

0 comment(s)


Diary Archives